A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| quarkus | quarkus | - |
| redhat | build_of_optaplanner | - | - |
| redhat | build_of_quarkus | 2.13.0 - 2.13.8 | - |
| redhat | decision_manager | - | - |
| redhat | integration_camel_k | 1.10.2 | - |
| redhat | integration_camel_quarkus | - | - |
| redhat | integration_service_registry | - | - |
| redhat | jboss_middleware | - | - |
| redhat | jboss_middleware_text-only_advisories | - | - |
| redhat | openshift_serverless | - | - |
| redhat | openshift_serverless | - | - |
| redhat | process_automation_manager | - | - |
| redhat | openshift_container_platform | - | - |
| redhat | openshift_container_platform | - | - |
| redhat | openshift_container_platform | - | - |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H